SigmaDots is building decentralized IoT security for everything

Essence Group, an Israeli smart home and medical device company, wanted to get serious about security, so it created a startup called SigmaDots that is now spinning out to become its own venture. Itsik Harpaz, the CEO of SigmaDots, is taking a three-pronged approach to securing the IoT and believes it could work for everything from the smart home to industrial settings.

Harpaz says that many of the devices used in the internet of things are relatively low power and resource-constrained, which can make them hard to secure. It’s both expensive to buy chips that can ensure good security with a secure enclave and encryption, and those security options can require more power or memory than a sensor really has. Add to the constraints on the device and there are also just so many of them, that securing them might be physically impossible.

SigmaDots aims to tackle all aspects of IoT security in one company.

Thus security at the outermost edge is difficult. But having security inside a data center or inside a gateway device on a factory floor has a different set of challenges. There, devices need ways to handle encrypted data, they need to handle security for the more powerful computers inside gateway devices, and they need to secure apps running on those devices.

Between the gateway and the edge devices, companies also need to think about data flowing across the network and what might happen if an attacker gains access to the network. This is a lot to worry about, which is why most businesses will rely on a mix of security services such as firewalls, encryption, network monitoring and software that runs on edge devices and checks back into a cloud for credentials.

SigmaDots tries to tackle all of the above with its product. For the edge, it has an agent that will run on all devices and enables devices that are in good standing to communicate their data back to a gateway using a proprietary communications protocol. This is a similar approach to Mocana, which also communicates through a proprietary communication protocol.

In its marketing materials, SigmaDots says it uses the blockchain, but in reality, it is mimicking the blockchain’s decentralized architecture but isn’t doing any tracking of changes or ledger functions associated with a blockchain. I found this confusing, so let me just say straight up that SigmaDots is not using blockchain.

That’s not a negative. The agent on each device is important, and so far SigmaDots is working with cellular chip makers to get its agent installed on their devices, which helps make it easier to find edge devices that will be secure using the SigmaDots system. It also handles the fears of network attacks and attacks on applications running on the gateway with a firewall and behavior monitoring. That way it’s tough for hackers to operate the network, and if they do, weird behavior will be flagged.

Typically, firewalls and network monitoring come from two different vendors and must be cobbled together by IT staff. SigmaDots also offers encryption of data in motion and at rest as well as secure MQTT messaging. Finally, the license fee also includes continuous monitoring and patching, which makes sense because security threats are constantly evolving.

There are dozens of companies trying to tackle aspects of IoT security, although few are trying to tackle everything. I think SigmaDots may have to focus on one set of customers as opposed to trying to win business in industrial, enterprise and in the smart home, but there is plenty of interest in new IoT security options, and if it really can provide an all-in-one solution, SigmaDots would have a big advantage.